20% 3.0 VPN Technologies 3.1 Tunneling 3.1.a Implement and troubleshoot MPLS operations 3.1.a (i) Label stack, LSR, LSP 3.1.a (ii) LDP 3.1.a (iii) MPLS ping, MPLS traceroute 3.1.b Implement and troubleshoot basic MPLS L3VPN 3.1.b (i) L3VPN, CE, PE, P 3.1.b (ii) Extranet (route leaking) 3.1.c Implement and troubleshoot encapsulation 3.1.c (i) GRE 3.1.c (ii) Dynamic GRE 3.1.d Implement and troubleshoot DMVPN (single hub) 3.1.d (i) NHRP 3.1.d (ii) DMVPN with IPsec using preshared key 3.1.d (iii) QoS profile 3.1.d (iv) Pre-classify 3.2 Encryption 3.2.a Implement and troubleshoot IPsec with preshared key 3.2.a (i) IPv4 site to IPv4 site 3.2.a (ii) IPv6 in IPv4 tunnels 3.2.a (iii) Virtual tunneling interface (VTI) 3.3 Troubleshooting VPN technologies 3.3.a Use IOS troubleshooting tools 3.3.a (i) debug, conditional debug 3.3.a (ii) ping, traceroute with extended options 3.3.a (iii) Embedded packet capture 3.3.b Apply troubleshooting methodologies 3.3.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause) 3.3.b (ii) Design and implement valid solutions according to constraints 3.3.b (iii) Verify and monitor resolution 3.3.c Interpret packet capture 3.3.c (i) Using wireshark trace analyzer 3.3.c (ii) Using IOS embedded packet capture 5% 4.0 Infrastructure Security 4.1 Device security 4.1.a Implement and troubleshoot IOS AAA using local database 4.1.b Implement and troubleshoot device access control 2013 Cisco Systems, Inc. This document is Cisco Public. Page 7 4.1.b (i) Lines (VTY, AUX, console) 4.1.b (ii) SNMP 4.1.b (iii) Management plane protection 4.1.b (iv) Password encryption 4.1.c Implement and troubleshoot control plane policing 4.2 Network security 4.2.a Implement and troubleshoot switch security features 4.2.a (i) VACL, PACL 4.2.a (ii) Stormcontrol 4.2.a (iii) DHCP snooping 4.2.a (iv) IP source-guard 4.2.a (v) Dynamic ARP inspection 4.2.a (vi) Port-security 4.2.a (vii) Private VLAN 4.2.b Implement and troubleshoot router security features 4.2.b (i) IPv4 access control lists (standard, extended, time-based) 4.2.b (ii) IPv6 traffic filter 4.2.b (iii) Unicast reverse path forwarding 4.2.c Implement and troubleshoot IPv6 first hop security 4.2.c (i) RA guard 4.2.c (ii) DHCP guard 4.2.c (iii) Binding table 4.2.c (iv) Device tracking 4.2.c (v) ND inspection/snooping 4.2.c (vi) Source guard 4.2.c (vii) PACL 4.3 Troubleshooting infrastructure security 4.3.a Use IOS troubleshooting tools 4.3.a (i) debug, conditional debug 4.3.a (ii) ping, traceroute with extended options 4.3.a (iii) Embedded packet capture 4.3.b Apply troubleshooting methodologies 4.3.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause) 4.3.b (ii) Design and implement valid solutions according to constraints 4.3.b (iii) Verify and monitor resolution 4.3.c Interpret packet capture 4.3.c (i) Using wireshark trace analyzer 4.3.c (ii) Using IOS embedded packet capture 15% 5.0 Infrastructure Services 5.1 System management 5.1.a Implement and troubleshoot device management 5.1.a (i) Console and VTY 5.1.a (ii) telnet, HTTP, HTTPS, SSH, SCP 5.1.a (iii) (T)FTP 2013 Cisco Systems, Inc. This document is Cisco Public. Page 8 5.1.b Implement and troubleshoot SNMP 5.1.b (i) v2c, v3 5.1.c Implement and troubleshoot logging 5.1.c (i) Local logging, syslog, debug, conditional debug 5.1.c (ii) Timestamp 5.2 Quality of service 5.2.a Implement and troubleshoot end to end QoS 5.2.a (i) CoS and DSCP mapping 5.2.b Implement, optimize and troubleshoot QoS using MQC 5.2.b (i) Classification 5.2.b (ii) Network based application recognition (NBAR) 5.2.b (iii) Marking using IP precedence, DSCP, CoS, ECN 5.2.b (iv) Policing, shaping 5.2.b (v) Congestion management (queuing) 5.2.b (vi) HQoS, sub-rate ethernet link 5.2.b (vii) Congestion avoidance (WRED) 5.3 Network services 5.3.a Implement and troubleshoot first-hop redundancy protocols 5.3.a (i) HSRP, GLBP, VRRP 5.3.a (ii) Redundancy using IPv6 RS/RA 5.3.b Implement and troubleshoot network time protocol 5.3.b (i) NTP master, client, version 3, version 4 5.3.b (ii) NTP authentication 5.3.c Implement and troubleshoot IPv4 and IPv6 DHCP 5.3.c (i) DHCP client, IOS DHCP server, DHCP relay 5.3.c (ii) DHCP options 5.3.c (iii) DHCP protocol operations 5.3.c (iv) SLAAC/DHCPv6 interaction 5.3.c (v) Stateful, stateless DHCPv6 5.3.c (vi) DHCPv6 prefix delegation 5.3.d Implement and troubleshoot IPv4 network address translation 5.3.d (i) Static NAT, dynamic NAT, policy-based NAT, PAT 5.3.d (ii) NAT ALG 5.4 Network optimization 5.4.a Implement and troubleshoot IP SLA 5.4.a (i) ICMP, UDP, jitter, VoIP 5.4.b Implement and troubleshoot tracking object 5.4.b (i) Tracking object, tracking list 5.4.b (ii) Tracking different entities (e.g. interfaces, routes, IPSLA, and such) 5.4.c Implement and troubleshoot netflow 5.4.c (i) Netflow v5, v9 5.4.c (ii) Local retrieval 5.4.c (iii) Export (configuration only) 5.4.d Implement and troubleshoot embedded event manager 5.4.d (i) EEM policy using applet 2013 Cisco Systems, Inc. This document is Cisco Public. Page 9 5.5 Troubleshooting infrastructure services 5.5.a Use IOS troubleshooting tools 5.5.a (i) debug, conditional debug 5.5.a (ii) ping, traceroute with extended options 5.5.a (iii) Embedded packet capture 5.5.b Apply troubleshooting methodologies 5.5.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause) 5.5.b (ii) Design and implement valid solutions according to constraints 5.5.b (iii) Verify and monitor resolution 5.5.c Interpret packet capture 5.5.c (i) Using wireshark trace analyzer 5.5.c (ii) Using IOS embedded packet capture |
